3 matches found
CVE-2022-0451 Auth bypass in Dark SDK
Dart SDK contains the HTTPClient in dart:io library whcih includes authorization headers when handling cross origin redirects. These headers may be explicitly set and contain sensitive information. By default, HttpClient handles redirection logic. If a request is sent to example.com with...
CVE-2022-0451 Auth bypass in Dark SDK
Dart SDK contains the HTTPClient in dart:io library whcih includes authorization headers when handling cross origin redirects. These headers may be explicitly set and contain sensitive information. By default, HttpClient handles redirection logic. If a request is sent to example.com with...
CVE-2022-0451
The CVE-2022-0451 issue affects the Dart SDK (dart:io) where HTTPClient may include Authorization headers during cross-origin redirects. By default, HttpClient handles redirects, and headers that are set on the initial request could be sent to a redirect target if the redirect goes to an attacker...